What is claimed is: 

1. A meti^od for managing information retention in a system, comprising: 
receiving a set bf information into a system; 
associating one or more keys with said set of information; 

encrypting said set of information using said one or more keys; 
storing said set pf information in encrypted form into one or more repositories; 

and 

purging said set bf information from the system by deleting said one or more 
keys, thereby making said set of information unrenderable. 

2. The method of claim 1, wherein said set of information is purged from 
the system without requimng that the encrypted form of said set of information be 
deleted from the one or more repositories. 

3. The methofl of claim 1, wherein said set of information is stored in the 
one or more repositories only in encrypted form. 



4. The method of claim 1, wherein said one or more keys comprises a 



symmetrically paired set o 



5. Themethoc 
prior to deletion of 



keys. 



of claim 1, further comprising: 
" said one or more keys, receiving a request from an 
information sink to render said set of information to a user; 

accessing the encrypted form of said set of information from the one or more 
repositories; 
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decrypting the encrypted form of said set of information using said one or 
more keys to derive said set of information; and 

providing said set of infon nation to the information sink to enable the 
information sink to render said set of information to the user. 



6. The method of cldim 5, wherein said set of information is stored in the 
one or more repositories only in/encrypted form, and wherein the encrypted form of 
said set of information is decrypted only when it is necessary to render said set of 
information to the user. 

7. The method of claim 1, further comprising: 



one or more keys, receiving a request from an 
set of information to a user; 

form of said set of information from the one or more 



prior to deletion of said 
information sink to render saic 

accessing the encryptec 
repositories; 

accessing said one or iAore keys; and 

providing the encrypted form of said set of information and said one or more 
keys to the information sink to enable the information sink to decrypt the encrypted 
form of said set of information using said one or more keys to render said set of 
information to the user. 



8. 



The method o 



J claim 7, wherein said set of information is stored in the 
one or more repositories only in encrypted form, and wherein the encrypted form of 
said set of information is decrypted only when it is necessary to render said set of 
information to the user. 



5437-055/P3748 



20 



15 



20 



9. The method of cfaim 1, wherein purging comprises: 

\ 

determining, based upon Ian information retention policy, whether said set of 
information should be purged fix m the system; and 

in response to a determination that said set of information should be purged 

of information from the system by deleting said one 
i i set of information unrenderable. 



from the system, purging said set 
or more keys, thereby making sai 



10. The method of claim 9, wherein said information retention policy is 
M io time-based such that said set of information is purged after a certain period of time. 

"CSS? 

I .| 11. The method of claim 9, wherein said information retention policy is 

fy condition-based such that said set of information is purged when one or more 

Q conditions are satisfied. 
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12. An apparatus for managing information retention in a system, 
comprising: 

a mechanism for receiving a set of information into a system; 
a mechanism for associating one or more keys with said set of information; 
a mechanism for encrypting said set of information using said one or more 

keys; 

a mechanism for storing sap set of information in encrypted form into one or 
more repositories; and 

a mechanism for purging s&id set of information from the system by deleting 
said one or more keys, thereby making said set of information unrenderable. 
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13. The apparatus of claim 12, wherein said set of information is purged 

// 

from the system without requiring that the encrypted form of said set of information 
be deleted from the one or more repositories J 

14. The apparatus of claim 12, wherein said set of information is stored in 
the one or more repositories only in encrypted form. 

15. The apparatus of claim ]f2, wherein said one or more keys comprises a 
symmetrically paired set of keys. 

16. The apparatus of cla/m 12, further comprising: 
a mechanism for receiving^ prior to deletion of said one or more keys, a 

request from an information sink to render said set of information to a user; 

a mechanism for accessing the encrypted form of said set of information from 
the one or more repositories;; 

a mechanism for decrypting the encrypted form of said set of information 
using said one or more keys to derive said set of information; and 

a mechanism for/providing said set of information to the information sink to 
enable the information/sink to render said set of information to the user. 



17. The apparatus of claim 16, wherein said set of information is stored in 
the one or more repositories only in encrypted form, and wherein the encrypted form 
of said set of information is decrypted only when it is necessary to render said set of 



information to the 
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18. The apparatus of claim 12, further comprising: 



a mechanism for receiving. 



request from an information sink 
a mechanism for accessing 

the one or more repositories; 

a mechanism for accessing ; 
a mechanism for providin ; 



tp render said set of information to a user; 
the encrypted form of said set of information from 



prior to deletion of said one or more keys, a 



said one or more keys; and 

the encrypted form of said set of information and 
said one or more keys to the infoifmation sink to enable the information sink to 
decrypt the encrypted form of sai i set of information using said one or more keys to 
render said set of information to 1 he user. 



19. The apparatus of 
the one or more repositories onl; 
of said set of information is deci ypted 
necessary to render said set of information 



:laim 18, wherein said set of information is stored in 
? in encrypted form, and wherein the encrypted form 
by the information sink only when it is 
to the user. 



20. The apparatus o 
comprises: 

a mechanism for determ|ining 
whether said set of information 

a mechanism for deleting 
information should be purged 
said set of information unrendefrable 



claim 12, wherein the mechanism for purging 



, based upon an information retention policy, 
should be purged from the system; and 
, in response to a determination that said set of 
f}om the system, said one or more keys, thereby making 
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21 . The apparatus of clain 20, wherein said information retention policy is 



time-based such that said set of infctrmation is purged after a certain period of time. 



22. The apparatus of cla: 
condition-based such that said set of 
conditions are satisfied. 



m 20, wherein said information retention policy is 
information is purged when one or more 



23. A computer readable medium having stored thereon instructions 
which, when executed by one or more processors, cause the one or more processors to 
manage information retention in a system, comprising: 

instructions for causing one or more processors to receive a set of information 
into a system; 

instructions for causing one 
with said set of information; 

instructions for causing one 
information using said one or more 
instructions for causing one 
in encrypted form into one or more 
instructions for causing one 



or more processors to associate one or more keys 

or more processors to encrypt said set of 
keys; 

or more processors to store said set of information 
repositories; and 



or more processors to purge said set of 
information from the system by del :ting said one or more keys, thereby making said 
set of information unrenderable. 



24. The computer 
information is purged from the 
said set of information be deleted 



readable medium of claim 23, wherein said set of 
system without requiring that the encrypted form of 
from the one or more repositories. 
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25. The computer readable\medium of claim 23, wherein said set of 
information is stored in the one or more^ repositories only in encrypted form. 



26. The computer readable m 
keys comprises a symmetrically paired 



sdium of claim 23, wherein said one or more 
of keys. 



27. The computer readable medium of claim 23, further comprising: 
instructions for causing one or more processors to receive, prior to deletion of 
said one or more keys, a request from an information sink to render said set of 
information to a user; 

instructions for causing one or mote processors to access the encrypted form 



more repositories; 

re processors to decrypt the encrypted form 



of said set of information from the one on i 

instructions for causing one or m< 
of said set of information using said one (or more keys to derive said set of 
information; and 

instructions for causing one or niore processors to provide said set of 
information to the information sink to epable the information sink to render said set of 
information to the user. 



28. The computer readable [medium of claim 27, wherein said set of 
information is stored in the one or mote repositories only in encrypted form, and 
wherein the encrypted form of said sat of information is decrypted only when it is 
necessary to render said set of information to the user. 
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29. The computer readable medium ok claim 23, further comprising: 

instructions for causing one or more processors to receive, prior to deletion of 
said one or more keys, a request from an information sink to render said set of 
information to a user; 

instructions for causing one or more processors to access the encrypted form 
of said set of information from the one or more repositories; 

instructions for causing one or more plocessors to access said one or more 
keys; and 

instructions for causing one or more processors to provide the encrypted form 
of said set of information and said one or mdre keys to the information sink to enable 
the information sink to decrypt the encrypte/d form of said set of information using 
said one or more keys to render said set of information to the user. 



30. The computer readable medium of claim 29, wherein said set of 
information is stored in the one or more ripositories only in encrypted form, and 
wherein the encrypted form of said set o^ information is decrypted by the information 
sink only when it is necessary to render said set of information to the user. 



31. The computer readable medium of claim 23, wherein the instructions 
for causing one or more processors to prurge said set of information from the system 
comprises: 

instructions for causing one or Aiore processors to determine, based upon an 
information retention policy, whether said set of information should be purged from 
the system; and 
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instructions for causing one or more processors to delete, in response to a 
determination that said set of information should be purged from the system, said one 
or more keys, thereby making said set of information unrenderable. 

32. The computer readablamedium of claim 31, wherein said information 
retention policy is time-based such Jnat said set of information is purged after a certain 
period of time. 

33. The computer readable medium of claim 31, wherein said information 
retention policy is condition-pased such that said set of information is purged when 
one or more conditions are s/tisfied. 
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